Troubleshooting Wireless Issues
By Ankita Sakarkar
日本語はこちら
Overview
This article covers troubleshooting steps for resolving common wireless issues on Cisco Meraki MR access points. Multiple factors contribute to the quality of a wireless environment, including DHCP configuration, SSID settings, RF performance, and firewall rules. Below are the troubleshooting steps to resolve the most frequently encountered wireless issues.
Learn more with these free online training courses on the Meraki Learning Hub:
- Troubleshooting Wireless Client Connectivity
- Troubleshooting Wireless Client Performance
- Troubleshooting Wireless Network Connectivity
- Evaluating Wireless Network Performance
Troubleshooting clients not getting an IP address
Troubleshooting SSIDs in bridge mode
If the SSID the client is connecting to is configured in bridge mode, the client receives an IP address from the local DHCP server. A few common issues related to DHCP and VLAN tags are described below.
Troubleshooting steps
Below are the troubleshooting steps to resolve DHCP issues on SSIDs configured in bridge mode.
Exhausted DHCP Pool
An exhausted DHCP pool is the most common cause of DHCP issues. A sudden increase in the number of clients using the network often triggers this condition. Follow these steps to narrow down the scope of the issue:
- Create a test SSID in NAT mode and try to connect again with a client that is experiencing issues. This step helps determine whether the issue is with the local DHCP server.
- Reduce the DHCP lease duration, if feasible. Reducing the lease duration frees up address space held by inactive devices.
- Run a packet capture on the AP's wired interface and initiate the connection from an affected client multiple time. This is helpful for determining whether DHCP Offers or Requests are passing through the AP. Multiple captures and attempts are important to ensure you have a useful amount of data.
Follow these steps to analyze the capture:
- Download the packet capture file.
- Open the file in Wireshark .
- Apply the filter "dhcp" to display DHCP packets.
- Check whether DHCP Offers are coming from the DHCP server and whether acknowledgment packets are reaching the AP's wired interface.
- If DHCP Offers are not coming from the DHCP server, or Acknowledgment packets are not reaching the AP's wired interface, an upstream or DHCP server issue is likely. For more information on DHCP flows, refer to the Netmania.
DHCP Server is unreachable
When SSIDs are configured in bridge mode, clients depend on reaching a local DHCP server. Any AP must have connectivity to a DHCP server. DHCP servers are often hosted across a site-to-site VPN tunnel and may become unreachable in the following situations:
-
The DHCP server or site goes down
-
The tunnel to the DHCP server site goes down
-
Firewall rule changes are made on either end
To test basic connectivity from the AP to the server, navigate to Wireless > Access point > Tools and ping the IP address of the DHCP server. If the server is not responsive, a connection issue exists somewhere upstream from the AP. Trace the connection to the DHCP server to identify where the break occurs.
Incorrect VLAN tags
Incorrect VLAN tags are a common issue when SSIDs are tagged to a particular VLAN. The APs assign IP addresses to clients on the tagged VLAN. The client VLAN connection depends on the port configuration of the upstream device the AP is connected to.
For example, if the upstream port is configured as a trunk port with native VLAN 10, and the SSID is tagged with VLAN 10, clients will not receive an IP address. The upstream port drops packets tagged with its native VLAN.
The solution to this issue is to either remove the VLAN tag on the SSID or change the native VLAN on the upstream ports. For more information, refer to the VLAN Tagging article.
Troubleshooting SSIDs in NAT Mode
If a client is connecting to an SSID configured in NAT mode, the AP assigns IP addresses to all clients directly. However, follow the steps below to rule out the possibility that the AP is not assigning IP addresses.
Troubleshooting steps
Below are the troubleshooting steps to resolve DHCP issues on SSIDs configured in NAT mode.
-
Connect the same client to another SSID. This confirms whether the issue is restricted to a particular SSID.
-
Connect a different client to the same SSID. This helps determine whether the issue is between one specific client and one specific SSID.
-
Run a packet capture on the client machine using Wireshark to determine whether the ACK messages are being sent from the client to the AP. The DHCP process will not complete without an ACK message from the device.
Check the event logs for the devices
The event log helps identify at which step the issue occurs. Navigate to Network Wide > Monitor > Client or filter the network-wide event log using the MAC address of the client to access the event logs.
Verify the credentials
-
Verify client credentials. Incorrect credentials (username or password) are the most common cause when a client cannot connect to a specific SSID. This issue can often be ruled out by deleting the SSID from the device, trying to connect again, and re-typing the pre-shared key.
-
If the pre-shared key for an SSID was recently changed on the dashboard using Google Chrome, the old value may be cached and the key may never have been updated. Verify that any changes to the pre-shared key are applied and saved. Change the pre-shared key in a private browser window and re-verify that the changes were saved properly.
-
When using RADIUS or Active Directory (AD) authentication, re-verify the AD credentials and the RADIUS server credentials. For more information, refer to the RADIUS Issue Resolution Guide..
-
Check failed connections by navigating to Wireless > Wireless Health > Connections and selecting the failed connection. This generates a report of all failed connections as shown in the image below:

Troubleshooting clients unable to connect to a specific AP
A client is unable to connect to a specific AP. This section covers how to isolate the issue using a minimal test SSID, upstream port checks, and AP reboots.
Troubleshooting steps
Test an SSID with Minimal Configuration Settings
Generally, the best way to resolve an issue with a client not being able to connect to a specific AP will be by creating a basic test SSID with as few configuration settings applied to it as possible.
1. Try creating and testing connectivity to an SSID with the following settings:
- Association requirements: Pre-shared key or Open
- Splash page: None
- Client IP assignment: NAT mode
- Band selection: Dual band operation
- Minimum bitrate: 1
2. If you want to contain your test, go to Wireless > SSID Availability and tag the SSID with the AP's tag so that only the AP in question broadcasts it.
3. These settings will remove all the third parties involved and make it easier to diagnose the issue between the client and the AP. This also prevents disturbing the entire network when only one AP is in question.
4. Meraki Authentication can be used as an alternative to RADIUS Authentication for testing as the basic functionalities are similar. Meraki Authentication uses a Meraki hosted RADIUS server, and testing with this may be helpful for identifying local or client-side RADIUS issues.
Verify upstream settings
Check the upstream port configuration. If the port the AP is connected to doesn't pass traffic on the VLAN the client is on, the client may have connection issues. If possible, move the AP to a port used by another working AP or a known working device. This rules out the upstream port as the cause.
Reboot the AP
Rebooting the AP helps determine whether reinitializing all processes returns the AP to a stable state.
Clients not Getting Internet Connectivity
Clients are fully connected to an AP and have a valid IP address, but still cannot reach the internet.
-
Verify that the gateway is correct and reachable. Ping the gateway from both the client and the AP.
-
Change the DNS server to Google's public DNS (8.8.8.8). DNS issues are one of the most common causes of client connection problems.
-
Check whether any firewall rules or group policies are applied to the client or the entire subnet. Navigate to Network-Wide > Client, select the client, and check the network policy.
Troubleshooting clients connecting to a far away AP
Clients connect to a distant AP instead of the nearest one, which can result in degraded performance and uneven AP load distribution. This condition is sometimes referred to as "sticky client" condition.
Troubleshooting steps
Below are the troubleshooting steps to resolve sticky client behavior.
Understand client-side behavior
1. APs act as a bridge between devices and the local network infrastructure. . The initial association process is explained in the 802.11 Association Process article. The client determines which AP to connect to. There is no way to force a client to connect to a particular AP. However, the client's decision can be influenced by using the correct configuration settings.
2. Various factors influence the client's decision of which AP it should connect to. The main factors that can be manipulated to affect this are:
3. Not all devices have the capabilities to first calculate the SNR of all the available APs around and pick the one with the best signal strength. Most clients connect to the first AP detected and remain connected until the signal is lost. This behavior can result in one AP becoming overloaded while other remain idle. Enabling Client Balancing can mitigate this condition.
Implement settings to avoid sticky client issues
Minimum bit rate and transmit power are AP parameters that can be adjusted to avoid the sticky client condition. The optimal values for these settings depend on the wireless environment and the specific client behavior.
For example, consider two APs (AP1 and AP2) and a client device with the minimum bit rate set to 12. When the client PC visits the site for the first time, the device connects to AP1. When roaming around the facility, even when the client PC gets close to AP2, the client remains connected to AP1. The SNR and bit rate values are subjective. The device is close to AP2 while having all the minimum bit rate requirements satisfied with the existing connection. The client PC will likely not connect to AP2 even when AP2 is the closest AP.

Initially, when the client PC visits the site for the first time, the device connects to AP1. When roaming around the facility, even when the PC gets close to AP2, it still stays connected to AP1. The diagram below shows the values for the SNR & bit rate (again, these values are subjective). We see that the device is close to AP2 while having all the minimum requirements for the bit rate being satisfied with its already existing connection, so the chances are that the PC will not connect to AP2 even when it is the closest AP.
To address this behavior, either reduce the Transmit Power or increase the minimum bit rate. Consider the following before making these changes, as these adjustments may affect the wireless performance of other devices:
- Not all devices support high bit rates.
- Reducing transmit power may affect coverage.
Conduct a site survey for optimal performance
To understand the wireless environment fully, conduct a site survey of the wireless infrastructure. For information on tools and best practices, refer to the Conducting Site Surveys with MR Access Points documentation.
Check specific errors in the event logs
client has left AP
This event is logged when the client informs the AP that it no longer wants to be associated. This could be the result of several factors, including the client going to sleep, low power mode or roaming away to another AP. The image below displays the type "802.11 disassociation" with reason "client has left the AP."

unknown reason
The client left the AP without providing enough data for a specific reason. Very often, this is because the device failed to notify the AP before disassociating. The event logs displays the type "802.11 disassociation" with reason "unknown reason."

Troubleshooting poor throughput due to RF performance
RF settings are the primary factor affecting throughput and overall wireless performance. High utilization on the 2.4 GHz or 5 GHz bands can considerably degrade wireless network performance. For more information on the wireless interference, refer to the Common Sources for Wireless Interference article.
Troubleshooting steps
1. Navigate to Wireless > RF spectrum to review real-time spectrum analysis data. Most APs include a dedicated wireless intrusion prevention system (WIPS) radio, referred to as Air Marshal, that populates this data. The results identify which band is over-utilized and on which channels. For more information on analyzing this data. Refer to the Spectrum Page Overview for more information on how to analyze this data.
2. Set the channel configuration to Auto Channel. This setting allows the AP to switch channels when a jammed channel is detected. When the AP switches channels, it sends a Channel Switch Announcement (CSA) to all connected clients to help maintain their connection. Many clients do not support CSA on the 2.4 GHz band, which means those clients will disconnect and must re-associate.
An example of a good RF Environment is shown in the diagram below. For most APs, the bands have low to moderate utilization, and not many overlapping channels are observed. However, for AP “4.32” it is showing high utilization on 2.4 GHz.

If a particular band is over-utilized, investigate the following:
-
Which band is getting over utilized?
-
What channels are being used by all the APs for that band?
-
Are all the APs using similar channels with respect to each band?
3. If multiple APs show high utilization on the same band, configure a manual channel assignment to prevent APs from using the same channels. For example, if AP "4.32" shows high utilization on the 2.4 GHz band on channel 6, change the channel to 11.
Making radio changes will kick off existing clients, so it is recommended to make this change outside of business hours. This example gives us an overview of how to change the necessary setting to get the optimal RF environment, but this is subjective as each wireless network is different and has a wide range of client types contributing to the RF environment.
Troubleshooting wireless network unable to access local LAN
Wireless clients are unable to access the local LAN. APs support layer 3 firewall rules (L3) per SSID, and a firewall rule may be blocking access to the local LAN.
Troubleshooting step
-
Check whether the SSID is in NAT mode. If it is, navigate to Wireless > Firewall & Traffic shaping Rules > Layer 3 firewall rule access to Local LAN. If the rule is set to Deny, change it to Allow.
-
Check whether upstream layer 3 rules exist for the subnet when using the SSID in bridge mode. These rules may be blocking wireless traffic from the local LAN.
-
Check whether Client Isolation is enabled. If so, temporarily disable it to determine whether local LAN becomes available.
Troubleshooting splash page issues
Splash page issues are among the most frequently encountered wireless issues. The splash page is one of the most widely used wireless features, which makes it a common source of problems.
Troubleshooting steps
To resolve splash page issues, refer to the Splash Page Traffic Flow & Troubleshooting for steps addressing the common issues affecting the different types of splash pages.
Avoiding wireless issues with best practice planning
The troubleshooting steps in this article address the most frequently encountered wireless issues. These issues can be mitigated considerably by following the Best practices for MR Wireless Design when designing the network.

